Security Now Archive (Audio)

TWiT

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Records live every Tuesday at 4:30pm Eastern / 1:30pm Pacific / 20:30 UTC.

Location:

United States

Networks:

TWiT

Language:

English


Episodes

SN 597: Traitors in Our Midst

1/31/2017
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss the best "I'm not a robot" video ever; Cisco's WebEx problem being far more pervasive than first believed; more bad news (and maybe some good news) for Netgear; Gmail adds .js to the no-no list; a hotel finally decides to abandon electronic room keying; more arguments against the use of modern AV; another clever exploitable CSS browser hack; some (hopefully final) password complexity follow-ups; a bit of errata and...

Duration:01:55:23

SN 596: Password Complexity Calculations

1/24/2017
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss how, while still on probation, Symantec issues additional invalid certificates; how Tavis Ormandy found a very troubling problem in Cisco's web conferencing extension for Chrome; yesterday's more-important-than-usual update to iOS; and renewed concerns about LastPass metadata leakage. The SEC looks askance at what's left of Yahoo. We talk about a troubling browser form autofill information leakage. Tor further hides its...

Duration:02:12:45

SN 595: What's Up With WhatsApp?

1/17/2017
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss a classic bug at GoDaddy which bypassed domain validation for 8,850 issued certificates. Could flashing a peace sign compromise your biometric data? It's not only new IoT devices that may tattle - many autos have been able to for the past 15 years. McDonald's gets caught in a web security bypass; more famous hackers have been hacked; Google uses AI to increase image resolution; more on the value or danger of password tricks;...

Duration:01:56:12

SN 594: A Look Into PHP Malware

1/10/2017
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss the U.S. Federal Trade Commission's step into the IoT and home networking malpractice world, a radio station learning a lesson about what words NOT to repeat, Google's plan to even eliminate the checkbox, a crucial caveat to the "passwords are long enough" argument, more cause to be wary of third-party software downloads, a few follow-ups to last week's topics, a bit of miscellany, a close look at the government's Russian...

Duration:02:06:58

SN 593: I'm Not a Robot! (Really)

1/3/2017
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss law enforcement and the Internet of Tattling things, a very worrisome new and widespread PHP eMail vulnerability, Paul and Mary Jo score a big concession from Microsoft, a six-year-old "hacker" makes the news, Apple discovers how difficult it is to make developers change, hyperventilation over Russian malware found on a power utility's laptop, the required length of high-entropy passwords, more pain for Netgear, an update on...

Duration:01:55:38

SN 591: Law Meets Internet

12/20/2016
Hosts: Steve Gibson with Leo Laporte This week Leo and I discuss Russia's hacking involvement in the U.S. election; that, incredibly, things get even worse for Yahoo; misguided anti-porn legislation in South Carolina; troubling legislation from Australia; legal confusion from the Florida appellate court; some good news from the U.S. Supreme Court; Linux security stumbling; why Mac OS X got an important fix last week; the steganography malvertising attack that targets home routers; news of a...

Duration:02:15:58

SN 590: Listener Feedback #245

12/13/2016
Hosts: Steve Gibson with Leo Laporte This week, Leo and I discuss ticket-buying bots getting their hands slapped (do they have hands?); a truly nasty new addition to encrypting ransomware operation; a really dumb old problem returning to many recent Netgear routers; Yahoo being too pleased with their bug bounty program; and steganometric advertising malware that went undetected for two years. uBlock Origin readies for a big new platform. What exactly is the BitDefender BOX? We wish we knew!...

Duration:02:23:45

SN 589: Listener Feedback #244

12/6/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss Android meeting Gooligan, Windows Upgrades bypassing BitLocker, and nearly one million U.K. routers taken down by a Mirai variant. The popular AirDroid app is "doing it wrong." Researchers invent a clever credit card disclosure hack; Cloudflare reports a new emerging botnet threat; deliberate backdoors are discovered in 80 different models of Sony IP cameras; we get some closure on our San Fran Muni hacker.

Duration:02:09:46

SN 588: Listener Feedback #243

11/29/2016
Hosts: Steve Gibson with Leo Laporte A wonderful quote about random numbers, our standard interesting mix of security do's and don'ts, new exploits (WordPress dodged a big bullet!), planned changes, tips and tricks, things to patch, a new puzzle/game discovery, some other fun miscellany - and, finally, 10 comments, thoughts, and questions from our terrific listeners!

Duration:02:14:07

SN 587: Mobile & IoT Nightmares

11/22/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss this week's major dynamic duo stories: Samy Kamkar is back with a weaponized Raspberry Pi, and el cheapo Android phones bring new meaning to "phoning it in." Another big unrelated Android problem; watching a webcam getting taken over; Bruce Schneier speaks to Congress about the Internet; another iPhone lock screen bypass and another iPhone lockup link; ransomware author asks a security researcher for help fixing their broken crypto;...

Duration:02:16:59

SN 586: The BlackNurse Attack

11/15/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss the results from our listener's informal CAIDA spoofing testing; how "LessPass" turned out to be even less than it appeared; my great day at Yubico; a whole bunch of IoT news; updates from PwnFest and Mobile Pwn2Own; a bit of miscellany, including the probable elimination of the need for Dark Matter; a new WiFi field disturbance attack; a wacky Kickstarter "fingerprint" glove; and the "BlackNurse" reduced-bandwidth DoS attack.

Duration:02:27:59

SN 585: The Windows AtomBomb

11/8/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss the answer to last week's security and privacy puzzler, Let's Encrypt Squarespace, the new open source "LessPass" app, LastPass goes mobile-free, many problems with OAuth, popular Internet services' privacy concerns, news from the IP spoofing front, Microsoft clarifies Win10 update settings and winds down EMET, a hacker finds a serious flaw in Gmail, MySQL patches need to be installed now, a tweet from Paul Thurrott, a bit of errata,...

Duration:02:17:11

SN 584: Listener Feedback #242

11/1/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss an oh-so-subtle side-channel attack on Intel processors, the quest for verifiable hacker-proof code (which oh-so-subtle side-channel attacks on processors can exploit anyway), another compiler optimization security gotcha, the challenge of adding new web features without opening routes of exploitation, some good news about the DMCA, Matthew Green and the DMCA, and how the relentless MPAA and RIAA are still pushing limits and threatening...

Duration:02:08:09

SN 583: DRAMMER

10/25/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss last week's major attack on DNS, answering the question of whether or not the Internet is still working. We look at Linux's worrisome "Dirty COW" bug, rediscovered in the kernel after nine years. We address the worrisome average lifetime of Linux bugs; share a bit of errata and miscellany; and offer an in-depth analysis of Drammer, the new, largely unpatchable, Android mobile device Rowhammer 30-second exploit.

Duration:02:10:41

SN 582: Listener Feedback #241

10/18/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss some serious concerns raised over compelled biometric authentication, then do a detailed dive into the recently completed audit of VeraCrypt, the successor to TrueCrypt. We've got more on web browsers fatiguing system main SSD storage and a bunch of interesting miscellany, including a question asked of Elon Musk: "Are we living within a simulated reality?" We conclude with 11 questions and observations from our terrific listeners.

Duration:02:21:28

SN 581: Yahoo & Primal Worries

10/11/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss today's Windows Update changes for 7 and 8.1. An exploit purchaser offers a $1.5 million bounty for iOS hacks. WhisperSystems encounters its first bug. An IEEE study reveals pervasive "security fatigue" among users. We've got Firefox and Chrome news, WoSign Woes, Samsung Note 7 news, some errata, a bunch of miscellany, and a look into new Yahoo troubles and concerns over the possibility of hidden trapdoors in widely deployed prime numbers.

Duration:02:16:00

SN 580: Listener Feedback #240

10/4/2016
Hosts: Steve Gibson with Leo Laporte Father Robert and I discuss an "update" on Microsoft's GWX remover; an encouraging direction for the Windows 10 Edge browser; HP in the doghouse; "Oh, yeah, that's what I meant to say about how to upgrade a site's password hashing"; a really terrific Dynamic DNS hack; another update on Windows Update; a distressing heads-up about how some unseen behavior of our web browsers is fatiguing our SSDs; a bit of errata and miscellany; and then a discussion of...

Duration:02:01:42

SN 579: A Very Busy Week

9/27/2016
Hosts: Steve Gibson with Leo Laporte Father Robert and I discuss Brian Krebs' forced move from Akamai to Google's Project Shield, Yahoo's record-breaking, massive 500-million-user data breach, and Apple's acknowledged iOS 10 backup PBKDF flaw. A well-known teen hacker jailbreaks his new iPhone 7 in 24 hours. Microsoft formally allows removal of GWX. There's a new OpenSSL server DoS flaw, also more WoSign/StartCom woes as Mozilla prepares to pull the plug. BitTorrent Sync is renamed and more...

Duration:02:08:06

SN 578: GRC's XSS Adventure

9/20/2016
Hosts: Steve Gibson with Leo Laporte Father Robert and I discuss concerns over a significant expansion in effectively warrantless intrusion into end-user computers; the forthcoming change in Internet governance; generation of a shiny new (and bigger) DNSSEC root signing key; Google's next move in using Chrome to push for improved security; the interesting details emerging from a successful NAND memory cloning attack on the iPhone 5c; some fun miscellany. Then I share the details and...

Duration:02:28:01

SN 577: Listener Feedback #239

9/13/2016
Hosts: Steve Gibson with Leo Laporte Leo and I discuss a bit of Flip Feng Shui follow-up; Apple's announcements; Android's rough week; wireless device privacy leakages; some fun miscellany; and 10 questions, comments, and observations from our terrific listeners.

Duration:02:00:16